834 matches found
U.S. Dept Of Defense: Arbitary file download vulnerability on a DoD website
A DoD website was misconfigured in a manner that could have allowed an attacker to collect sensitive information about the web application or system. @psychomantis was able to demonstrate this vulnerability by crafting a specially formatted URL. Thank you for notifying us of this vulnerability!...
WordPress The Events Calendar Plugin <= 4.1.1 - Open Redirection
This plugin is prone to an open redirection vulnerability in the "tribe-bar-view" parameter. Solution Update the plugin...
The Events Calendar <= 4.1.1 - Open Redirect
The problem is located in the "tribe-bar-view" parameter that can be used to redirect a user to an arbitrary website. Timeline 2016-04-04 : Initial contact with Modern Tribe 2016-04-05 : Modern Tribe confirms the report 2016-04-07 : Modern Tribe publishes a new version 4.1.1.1 that resolves the...
The Events Calendar <= 4.1.1 - Open Redirect
The problem is located in the "tribe-bar-view" parameter that can be used to redirect a user to an arbitrary website. Timeline 2016-04-04 : Initial contact with Modern Tribe 2016-04-05 : Modern Tribe confirms the report 2016-04-07 : Modern Tribe publishes a new version 4.1.1.1 that resolves the...
WordPress The Events Calendar Plugin <= 4.1.1 - Open Redirection
This plugin is prone to an open redirection vulnerability in the "tribe-bar-view" parameter. Solution Update the plugin...
Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities
Document Title: =============== Apple iOS v9.2.1 - Multiple PassCode Bypass Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1779 View Video: https://www.youtube.com/watch?v=-XLlpnjZXFM Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1778...
The Events Calender: Eventbrite Tickets 3.9.6 Cross Site Scripting
Details ================ Software: The Events Calendar: Eventbrite Tickets Version: 3.9.6 Homepage: https://theeventscalendar.com/product/wordpress-eventbrite-tickets/ Advisory report:...
WordPress Events Calendar Plugin <= 6.7.11a - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
The Events Calendar <= 3.0 - Reflected Cross-Site Scripting (XSS)
The The Events Calendar WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
Events Calendar - SQL Injection
The events-calendar WordPress plugin was affected by a SQL Injection security vulnerability...
WordPress The Events Calendar Plugin <= 3.0 - Reflected Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress The Events Calendar Plugin <= 3.0 - Reflected Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
DevelopItEasy Events Calendar 1.2 - Multiple SQL Injection Vulnerabilities
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...
events calendar 1.1 - Remote File Inclusion Vulnerability
No description provided by source. Events Calendar 1.1 Remote File Inclusion Vulnerability ======================================================== Author: kevin mitnick tunisianblackhat team = = Home : http://tunisianblackhat.com = = email: kevinmitnickAlive.fr = =...
Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection
No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability Vendor url:http://www.miniweb2.com/ Version:2.0 Price:250$ Published: 2010-06-10 Greetz to:Sid3^effects, MaYu...
Cross-site Scripting (XSS) Vulnerability WP Events Calendar
High-Tech Bridge SA Security Research Lab has discovered vulnerability in WP Events Calendar, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in WP Events Calendar Input passed via the "ECid" GET parameter to /wp-admin/admin.php when "page"...
CVE-2008-6608
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter aka user field to admin/index.php, 2 the userpass parameter aka pass field to admin/index.php, or 3 the id parameter to...
Sql injection
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter aka user field to admin/index.php, 2 the userpass parameter aka pass field to admin/index.php, or 3 the id parameter to...
CVE-2008-6608
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via 1 the username parameter aka user field to admin/index.php, 2 the userpass parameter aka pass field to admin/index.php, or 3 the id parameter to...
CVE-2008-6608
DevelopItEasy Events Calendar 1.2 is affected by multiple SQL injection vulnerabilities. The flaws allow remote attackers to execute arbitrary SQL commands through (1) user_name (user field) or (2) user_pass (pass field) in admin/index.php, or (3) id in calendar_details.php. Root cause: improper ...